package com.ctg.itrdc.sysmgr.permission.core.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.ShiroHttpServletResponse;
import org.springframework.http.HttpStatus;

import com.ctg.itrdc.sysmgr.permission.core.CtgUser;
import com.ctg.itrdc.sysmgr.permission.core.control.CommonResult;
import com.ctg.itrdc.sysmgr.permission.core.utils.WebUtils;

public class PostFilter extends AccessControlFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) throws Exception {
		
		ShiroHttpServletRequest req = (ShiroHttpServletRequest)request;
		ShiroHttpServletResponse rep = (ShiroHttpServletResponse)response;
		CtgUser user = WebUtils.getCtgUser();
		if(!user.getHasPost()) {
			WebUtils.issueRedirect(request, response, "/user/noPost");
			return false;
		}
		if(WebUtils.isAjax(req)) {
			if(user.getRzOrgId() == null || user.getSysPostId() == null) {
				response.setContentType("text/html;charset=UTF-8");
				response.getWriter().write("{\"resultCode\":\"409\",\"resultMsg\":\"亲，请选择岗位之后再访问~\"}");
				return false;
			}
		}
		return true;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request,
			ServletResponse response) throws Exception {
		// 配合isAccessAllowed方法直接拦截请求
		return false;
	}

}
